Skip to main content

Open CASCADE Technology EUVDEUVD-2026-26602

| CVE-2026-42479 MEDIUM
Out-of-bounds Read (CWE-125)
2026-05-01 mitre
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 17:54 vuln.today
CVSS changed
May 01, 2026 - 17:52 NVD
5.5 (MEDIUM)
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26602
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
MEDIUM 5.5

DescriptionCVE.org

An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices without validation against the size of the coordinate array during geometry processing.

AnalysisAI

Out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 VRML parser allows denial of service when processing crafted VRML files with invalid coordIndex values. The vulnerability exists in VrmlData_IndexedLineSet::TShape geometry processing, where array indices are used without bounds validation, enabling local attackers with user interaction to crash applications through malformed input.

Technical ContextAI

Open CASCADE Technology (OCCT) is a 3D geometry kernel library used in CAD/CAM software. The VRML (Virtual Reality Modeling Language) parser contains a geometry processing component (VrmlData_IndexedLineSet::TShape) that reads coordinate indices from parsed VRML files. The vulnerability is a classic out-of-bounds read (CWE-125) where coordIndex values from user-supplied VRML data are directly used as array indices into the coordinate array without validation. This violates bounds-checking safety protocols in memory-safe code, allowing reads beyond allocated buffer boundaries. The affected CPE indicates the vulnerability affects OCCT products, though the specific vendor organization is classified as 'n/a' in the available data.

RemediationAI

Upgrade to the latest patched version of Open CASCADE Technology beyond V8_0_0_rc5 (specific fix version not provided in available data; contact OCCT vendor for confirmed patch version). Immediate workaround: disable VRML file import in CAD applications until patching is possible, or implement input validation pre-processing that validates all coordIndex values against the coordinate array size before geometry processing. Users should avoid opening VRML files from untrusted sources. Apply principle of least privilege to limit application access to system resources that could be exploited if denial of service leads to resource exhaustion. Contact the Open CASCADE Technology vendor for confirmed patch availability and timeline.

Share

EUVD-2026-26602 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy